BSOD in mrxsmb10.sys post Nov 2009 Bulletins
Yesterday my Vista Ultimate SP2 x86 system BSOD after attempting to open a jpg file saved on a mapped network drive connected to a local share (T: mapped to \\mycomputer\share\subfolder). After submitting error report (solution suggested upgrading to Vista SP1, yet I have Vista SP2), I made a copy of the file and attempted to open the copy, same BSOD. The details on the screen are only displayed a couple of seconds but the error occurs in RDR_FILE_SYSTEM and with driver MRXSMB10.SYS. The driver version is 6.0.6002.18005 which appears to be the correct SP2 binary.

- jpg causing error was created from screenshot in MSPaint, 31 KB
- Disabling all VirusScan 8.5i options and setting 3 McAfee services to disabled did not fix the issue
- Error only occurs when double clicking the jpg file to open
- Error does not occur when opening jpg from physical drive, only with mapped drive T:
- Error does not occur when renaming jpg to .jpg.txt and opening with notepad
- Error does not occur when right clicking file and choosing Open With, all JPG viewers work ok without error even the default viewer used by double clicking
- C:\>ftype jpegfile
  jpegfile=%SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll", ImageView_Fullscreen %1
- C:\>assoc .jpg
  .jpg=jpegfile
- Similar errors occurred with VirusScan 8.7i last year, complete removal and replacement by 8.5i fixed that issue (8.7i Patch 2 may fix this issue per McAfee KB)
- No changes have occurred to system except installing all November 2009 Security Bulletins last week
- I will attempt to find additional jpg files on T: as well as on remote servers to see if BSOD re-occurs
- appx 6 Windows Error Reports (one for each BSOD) have been submitted
- Why do I have a mapped drive to a local hard drive? Long file names get cut off due to the deep path, and the mapped drive seems to be an easier solution than the ancient DOS subst command

Note: unlike the newsgroup forums, I do not see a method to attach files to this message/post, please re-enable TechNet Managed Newsgroups!
November 20th, 2009 8:37pm

Latest BSOD details (McAfee turned off), this time re-created by opening a PNG file instead of a JPG from T:

Problem signature:
  Problem Event Name: BlueScreen
  OS Version: 6.0.6002.2.2.0.256.1
  Locale ID: 1033

Additional information about the problem:
  BCCode: 27
  BCP1: BAAD0075
  BCP2: AC3F439C
  BCP3: AC3F4098
  BCP4: AB884DCA
  OS Version: 6_0_6002
  Service Pack: 2_0
  Product: 256_1

Files that help describe the problem:
  C:\Windows\Minidump\Mini112009-12.dmp
  C:\Users\myusername\AppData\Local\Temp\WER-56737-0.sysdata.xml
  C:\Users\myusername\AppData\Local\Temp\WERF48B.tmp.version.txt

Read our privacy statement: http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

- GIF files opened without problem
- JPG file that causes BSOD opens correctly from mapped network drive on remote computer
- Error occurs when file opened from unc path as well as mapped drive letter
- Error does not occur when file opened from drive connected via SUBST
- Error does not occur on a Windows XP SP2 system
November 20th, 2009 9:25pm

Hi Mltwwlco,

Before moving on, please allow me to explain background information regarding the blue screen stop problem.

What is the blue screen stop?

Generally speaking, this should actually be a blue screen stop issue or stop error issue. Windows 2000 and later (including Windows Vista) use separated user mode and kernel mode memory space. The blue screen stop errors are always caused by kernel portion components, such as device drivers, backup software or anti-virus services (buggy services). To be more specific, the system goes to a blue screen because some exception happened in the kernel (device drivers, backup software or anti-virus services, etc.), and Windows implements this mechanism: when it detects that some errors occur in the kernel, it will kill the box in case some more severe damage happens. Then we get a blue screen or the system reboots (it depends on what the system settings are). Windows 2000, Windows XP and Windows Vista act similarly when a kernel mode crash problem occurs.

How to troubleshoot the blue screen stop problem?

To solidly troubleshoot this kind of kernel crash issue, we need to debug the crashed system dump and analyze the related source code if needed. Unfortunately, debugging is beyond what we can do in the forum. I'd like to recommend that you contact Microsoft Customer Support Service (CSS) for assistance so that this problem can be resolved efficiently. To obtain the phone numbers for a specific technology request please take a look at the web site listed below:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS

If you are outside the US please see http://support.microsoft.com for regional support phone numbers.

Having said that, I'd still like to provide the following general troubleshooting steps for your reference. You can try them first before calling Microsoft CSS:

Note: Please perform a complete system backup first. If any unexpected issue occurs, we can quickly restore the system to the current status.

1. Scan your system to make sure that the system is virus free. Temporarily disable your anti-virus software to see if this problem is gone.
2. If you have recently installed any software, hardware or drivers, please remove them.
3. Disable all the third party startup programs and services by using the MSConfig.exe utility shipped with the system. To use this tool, you can refer to the following Microsoft Knowledge Base article:
   How to perform a clean boot procedure to determine whether background programs are interfering with a game or a program that you currently use
   http://support.microsoft.com/kb/331796
4. However, if the issue still persists, please contact Microsoft Customer Support Service (CSS) for further troubleshooting.

I hope the problem will be resolved soon. Hope it helps.
November 24th, 2009 5:10am

After a couple of weeks of troubleshooting and removing both antivirus and VPN software, I found the problem was due to Security Advisory 975497, specifically applying the MicrosoftFixit50304.msi (digital signature signed 2009-09-09 20:05:55). Fixit 50304 disables SMB 2.0 and was recommended as a work-around until security bulletin MS09-050 was issued. MicrosoftFixit50307.msi can optionally be used to re-enable SMB 2.0 (aka reverse Fixit 50304) since the vulnerability is patched (I forgot to re-enable it).

The reproducible sequence of events that cause this BSOD:

1. Installed MicrosoftFixit50304.msi at 2009-09-21 18:00:23 per Application log
2. 2009-10-14 MS09-050 installed with all other applicable October 2009 Security Bulletins
3. 2009-11-19 13_39 attempted to open JPG file created in MSPaint on T: mapped to a local share on my computer, BSOD, windows error report sent on next reboot
4. 2009-11-20 additional testing and multiple BSOD WER (WER = Windows Error Report aka Problem Reports and Solutions) sent, initial report made to newsgroup/forum TechNet.en-US.itprovistasecurity
5. 2009-12-15 uninstalled McAfee 8.5i and Cisco VPN, cold boot, BSOD still occurs
6. 2009-12-15 verified registry setting for SMB 2.0 per MS07-063:
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
   "Smb2"=dword:0000000015 Remembered / found MicrosoftFixit50304.msi was applied, backed up SMB 2.0 registry keys with current settings, applied MicrosoftFixit50307.msi to re-enable SMB 2.0, power off and cold reboot performed
8. 2009-12-15 Tested accessing JPG file from T: SYSTEM DID NOT BSOD - PROBLEM SOLVED!
9. 2009-12-15 Backed up SMB 2.0 registry keys, applied MicrosoftFixit50304.msi, reboot, BSOD re-occurs as expected, rebooted and error report sent to Microsoft
10. 2009-12-15 applied MicrosoftFixit50307.msi to re-enable SMB 2.0, power off and cold reboot performed, no additional BSOD.
11. Changed registry key
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
    "Smb2"=dword:00000001
    to "Smb2"=dword:00000000
    which should manually disable SMB 2.0 per KB950836
12. Tested accessing JPG file from T:, SMB 2.0 off no problems, rebooted and still no problems!
13. Re-ran MicrosoftFixit50307.msi to re-enable SMB 2.0
14. 2009-12-17 Reported findings to Microsoft

assist others with this issue and close this problem:

* Contact Fixit group to verify my test results (I have spent over 10 hours troubleshooting this issue plus lost work due to unexpected BSOD)
* Fix MicrosoftFixit50304.msi, it seems to be the root cause of this crash
* Update WER to suggest re-enabling SMB 2.0 and/or applying MicrosoftFixit50307.msi to solve this problem and fix incorrect WER suggestion to install Vista SP1 on computers when Vista SP2 is already installed
* Update KB975517 with this known issue, document all registry settings and any other changes made by MicrosoftFixit50304.msi and MicrosoftFixit50307.msi
* Clarify required changes to disable SMB 2.0 made by MicrosoftFixit50304 vs. KB950836, they appear to be different
* Forward this information to MSRC to have them test and see if the reported BSOD in RDR_FILE_SYSTEM might be regression errors from the fixes made for MS09-050 / MS07-063 and possible upcoming patch for Microsoft Securityy in SMB Could Allow Denial of Service

=========
"Robinson Zhang - MSFT" wrote in message news:721b0334-bc92-439d-9246-f83340a07c83...
Hi Mltwwlco,
< Snipped >
December 17th, 2009 11:33pm
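
The post above describes a temporary SMB 2.0 workaround that stayed in place after the MS09-050 update was installed. The following is an added example, not part of the thread and not a Microsoft tool, that flags that state on a host. It reads only the server-side Smb2 value quoted in the post (the thread does not document what else the Fixit packages change); the function name, the output fields and the use of KB975517 as the update id for MS09-050 are assumptions.

```powershell
# Added example: report whether the SMB 2.0 registry workaround is still active
# on a host where the corresponding update is already installed.
function Get-Smb2WorkaroundState {
    param(
        # Update id taken from the thread; assumed to identify the MS09-050 fix.
        [string]$PatchId = 'KB975517'
    )

    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

    # Smb2 = 0 disables SMB 2.0 on the server side; 1 or an absent value leaves it on.
    $prop = Get-ItemProperty -Path $key -Name 'Smb2' -ErrorAction SilentlyContinue
    if ($null -eq $prop)      { $smb2 = 'NotSet' }
    elseif ($prop.Smb2 -eq 0) { $smb2 = 'Disabled' }
    else                      { $smb2 = 'Enabled' }

    # Get-HotFix writes a non-terminating error when the id is not installed.
    $patched = [bool](Get-HotFix -Id $PatchId -ErrorAction SilentlyContinue)

    $finding = if ($smb2 -eq 'Disabled' -and $patched) {
        'Workaround still active on a patched host; review whether it is still needed.'
    } elseif ($smb2 -eq 'Disabled') {
        'Workaround active and update not found; patch before removing the workaround.'
    } elseif (-not $patched) {
        'SMB 2.0 enabled and update not found; this host needs the update.'
    } else {
        'SMB 2.0 enabled and update installed.'
    }

    New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        Smb2Value    = $smb2
        PatchId      = $PatchId
        PatchFound   = $patched
        Finding      = $finding
    }
}

Get-Smb2WorkaroundState | Format-List
```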

Microsoft, I would appreciate a reply per the terms in "TechNet Managed Newsgroups and Forums" http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx and "Managed newsgroup support, with guaranteed response times. Get expert technical answers by the next business day - guaranteed - through more than 100 managed newsgroups." http://technet.microsoft.com/en-us/subscriptions/default.aspx
January 1st, 2010 12:39am

Another week has passed, I require a response to this issue ASAP!
January 7th, 2010 8:03pm

Have you received any replies yet? I've had this same issue on a SBS 2008 and Windows 7 machine and haven't got any definitive answers.
March 17th, 2010 5:18am

First of all, I am sorry for the delayed response. I have established similar test environments to check this issue. However, I cannot reproduce the same problem here. Also, I noticed that you have performed many tests there and I agree that it is likely related to the network connection or certain applications which may conflict with the SMB components. Although I am not a member of the Fixit team, I will forward your feedback to the related team. Also, please understand that to identify such an issue's root cause, we still need to perform debugging, which is beyond what we can do in the forum. I still strongly suggest that you continue to work with CSS members. Hope it helps.
April 22nd, 2010 1:29pm

This topic is archived. No further replies will be accepted.
